<HTML>
 <HEAD>
 <TITLE>Tool 18: Reassemble IP packets of a record, and reorder TCP flow</TITLE>
 </HEAD>
 <BODY BGCOLOR="#FFFFFF">
  <CENTER>   <H3>Tool 18: Reassemble IP packets of a record, and reorder TCP flow</H3>
  </CENTER>

  <P><H3>Description:</H3>
   <PRE>
  A record is a capture file. It contains several packets captured
  during a sniff. It can also be created by hand. There are 7 formats
  for records: pcap (tcpdump compatible), bin (binary, unreadable by
  humans but fast) and mixed/mixed_wrap/dump/hexa/hexa_wrap (easy to
  read and edit). A record also has an associated DLT (Data Link Type),
  indicating at which level a packet start: raw (start at IP header) and
  ether (start at Ethernet header) are the 2 most common DLT. Tool 13
  displays DLT of each device.
  
  This tool reads packet from one record, tries to reassemble IP packets
  and reorder TCP sequences. Please note, packets may be lost.
  
  Parameter --src-file indicates the input record filename.
  Parameter --input-dlt defines the DLT of packets in input record (it
  depends on how it was sniffed, generally 'ether' (for Ethernet) or
  'raw' (if packet starts at IP header)). Full list is available through
  netwag or running tool 12.
  Parameter --dst-file indicates the output record filename.
  Parameter --recordencode defines how to encode data in this record
  (suggested values: bin, pcap and mixed_wrap).
  Parameter --tcpreord tries to reorder TCP flow (seqnum increments).
  This might miss packets.
   </PRE>

  <P><H3>Synonyms:</H3>
  &nbsp;&nbsp;capture<BR>

  <P><H3>Usage:</H3>
  &nbsp;&nbsp;netwox 18 -f file [-t dlt] -F file [-r recordencode] [-o|+o]<BR>

  <P><H3>Parameters:</H3>
<TABLE BORDER=1 CELLPADDING=4>
 <TR>
  <TD ALIGN=middle><I>parameter</I></TD>
  <TD ALIGN=middle><I>description</I></TD>
  <TD ALIGN=middle><I>example</I></TD>
 </TR>
 <TR><TD><TT>-f|--src-file file</TD>
<TD>input record file</TD>
<TD>srcfile.txt</TD></TR>
<TR><TD><TT>-t|--input-dlt dlt</TD>
<TD>dlt type of input record</TD>
<TD>ether</TD></TR>
<TR><TD><TT>-F|--dst-file file</TD>
<TD>output record file</TD>
<TD>dstfile.txt</TD></TR>
<TR><TD><TT>-r|--recordencode recordencode</TD>
<TD>encoding type for output record</TD>
<TD>bin</TD></TR>
<TR><TD><TT>-o|--tcpreord|+o|--no-tcpreord</TD>
<TD>also reorder TCP packets</TD>
<TD>&nbsp; </TD></TR>
</TABLE>

  <P><H3>Examples:</H3>
  &nbsp;&nbsp;netwox 18 -f "srcfile.txt" -F "dstfile.txt"<BR>
<BR>
  &nbsp;&nbsp;netwox 18 --src-file "srcfile.txt" --dst-file "dstfile.txt"<BR>
<BR>
 </BODY>
 </HTML>
